Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1414: Cross-Site Request Forgery in Fortinet FortiOS

Severity: 5.1 MEDIUM (NVD)
EPSS: 0.4% (top 36.50%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jul 8
Latest update: May 17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.

CVSS vector

AV:N/AC:H/C:P/I:P/A:P
Exploitability: 4.9 | Impact: 6.4

Affected Packages (1 package)

NVD: fortinet/fortios 4.3.12 (+3)

🔴 Vulnerability Details (2)

GHSA: GHSA-6fwq-897c-7pmp: Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4... (2022-05-17)
CVEList: CVE-2013-1414: Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4... (2013-07-08)

💥 Exploits & PoCs (1)

Exploit-DB: Fortigate Firewalls - Cross-Site Request Forgery (2013-07-01)
CVE-2013-1414 — Cross-Site Request Forgery in Fortinet | cvebase